A web application firewall inspects requests and filters those that are deemed malicious. In comparison, Client Reputation focuses on the source of the request, and determines the extent to which that source has sent malicious requests in the past. Register today for this upcoming webcast to find out more!

SC Magazine's SC Congress returns to London on 3 March, 2015 with an all new programme! Here is your chance to catch a full day of hard-hitting information security news and solutions from leaders in their industries that you can implement for your company.

As employees increasingly have mobile access to the corporate network this webcast will discuss the steps organisations can take to minimise risk among their workforce and detail what a mobile device management policy should look like and how to enforce it. Register today for this SC editorial webcast!

Attackers home in on Steam gamers with help of Ramnit Trojan

Users of the popular video game distribution service Steam are being targeted by a Trojan that steals their login credentials and defeats the service's password encryption mechanism by using HTML injection.

According to security firm Trusteer, which specialises in fraud prevention services, attackers have been on a campaign to obtain Steam users' login data since mid-July.

Etay Maor, fraud prevention solutions manager at Trusteer, detailed the attackers' exploits in a blog post on Monday, revealing that a variant of the Trojan Ramnit was being used to compromise gamers.

A major software service that provides users access to more than 2,000 games, Steam has around 54 million members and is owned by US, Washington-based software company Valve.

Steam was the victim of a massive breach back in November 2011, in which hackers accessed the personal data of up to 35 million users contained in a database.

This time however, the vandals targeted individual users, Etay said.

Once users are infected by Ramnit, attackers wait for victims to log in to their Steam account, at which point miscreants use HMTL injection to capture passwords, which are normally encrypted by the site, in plain text. To ensure that Steam's operators are none the wiser to the attacks, the malware also removes the injected code before the information is sent to Steam's website.

Maor described the man-in-the-browser (MitB) style attack on Trusteer's blog.

“To avoid detection, Ramnit simply makes sure the server never sees the injection,” he wrote. “To do so, prior to the [username and password] form being sent to the website, Ramnit removes the injected element. This can be observed in the first part of the code.”

In an interview on Wednesday, Maor told SCMagazine.com that some researchers have begun to move away from strictly categorising malware such as Ramnit as 'banking Trojans' because variants are increasingly being repurposed to go after users at other sites.

“They are targeting everything – gaming services, dating sites – if there's a username and password associated with it, they are going to target it at some point,” Maor said.

Services such as Steam are particularly attractive for crooks, Maor added. Gaming software is usually more vulnerable to attack, considering users tend to disengage their firewalls, security solutions or any other programs that could slow down their systems while they are gaming, he explained.

“If you get access to a Steam account, you can [carry out] identity theft of the gamer, like buy games and send them as personal gifts to other people," Maor said. "It's pretty similar to getting bank account access – their [profile] is now open and you can change their email or other account information. The last option, of course, is to just sell the credentials on an underground forum."

It is unclear how many people have fallen victim to the latest wave of attacks.

SCMagazine.com contacted Valve, Steam's developer and owner, but did not immediately hear back from the company. Per policy, Maor said Trusteer contacted Valve prior to disclosing information about the attacks.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.